top of page

Privacy Policy

The purpose of this Privacy Notice is to make it easier for you to understand how we use and protect your personal data. Personal data is any data that can identify you either on its own or used with other data.
This Privacy Notice will help you understand your privacy rights, how and why we need to process your personal data, and how you can get in touch with us if you need to. Processing personal data involves any activity to do with that data, for example collection, storage, editing and deletion.
We’ve presented this information in different sections so you can access the information you need more easily.

We take your personal data privacy very seriously and we're committed to protecting your personal data by complying with the relevant privacy legislation. 

If we make any significant changes impacting your privacy, we'll make this clear on our website. 

Who are we and what is our role?

We’re Trinzic Operations Limited, trading as Trinzic.  

We’re a “controller” of your personal data. This is a legal term – it means that we make decisions about how and why we process your personal data, and, because of this, we’re responsible for making sure it’s used in accordance with data protection laws.

We engage with a number of external third-party companies that process your personal data on our behalf. These companies are referred to as “processors”.  When we use processors, they’ll use your personal data on our behalf and only for the services and limited purpose that we instruct them to use it.  When we use processors, we remain responsible, as a controller, for compliance with all data protection legislation.

What is the legal basis for processing your data?

We’re required by law to always have a permitted reason or justification (called a “lawful basis” or “legal basis”) for processing your personal data.  
Depending on the processing activity, we may use one or more of the following lawful bases for processing your data:

  • Consent:  where you’ve given your consent for the processing

  • Contract:  where processing is necessary for the performance of a contract.

  • Legal obligation: where processing is needed to comply with our legal obligations.

  • Vital interests: where processing is needed to protect your vital interests or those of another person.

  • Public task: where processing is needed for us to perform a task in the public interest of for our official functions.

  • Legitimate interests: where processing is needed for our legitimate interests or those of a third party unless on balance, these are outweighed by the need to protect your individual rights.

Our legal basis for processing your data for most activities will be:

  1. Article 6(1)(b) of the GDPR, which allows us to process personal data when processing is necessary for a contract, we have with you or because you have asked us to take specific steps before entering into a contract.

  2. Article 6(1)(f) of the GDPR, which allows us to process personal data when processing is necessary for our legitimate interests or the legitimate interests of a third party, unless, on balance, these are outweighed by the need to protect your individual rights

We may also process personal data where we have a legal obligation, article 6(1)(c), where we believe it is in the vital interests of the data subject, article 6(1)(d) or where you have given consent article 6(1)(a).

In limited occasions we may process sensitive (special category) data, such as health related information, ethnicity, or biometric data when carryout our task or in response to your engagement with us and use legal basis of explicit consent, article 9(1)(a) or employment, social security and social protection law, article 9(1)(b).

What types of data do we process? 

We process the following types of data:

  • Personal Data – Information that can be used to identify an individual, either directly on its own or in combination with other information such as a name, an identification number, location data, an online identifier.

  • Special Categories of Personal Data – Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Criminal conviction related data (about allegations, offences or sentencing) is also treated in a similar way.  

  • Pseudonymised – Personal data that has been processed in such a way that it can no longer be attributed to a specific person without the use of additional information. Such additional information must be kept carefully separate from personal data.

  • Anonymised – Data in a form that does not identify individuals.  Personal data, once it is anonymised, is no longer personal data.

  • Aggregated – Statistical data about several individuals that has been combined to show general trends or values without identifying individuals within the data.

We use the information you’ve provided us or that we have collected about you to help us deliver the service you requested, as part of our business operations or as part of recruitment activities.

This could include contacting you to discuss the service we are providing, the management of our suppliers or contractors, to progress an application and manage any enquiries.

Depending on your relationship with us we would typically expect to collect but not limited to:

  • Your name

  • Address

  • Phone number

  • Email address

  • IP addresses (through our website)

  • Details of qualifications, skills, experience and employment history (as part of recruitment)

  • Equal opportunities monitoring information, such as gender, ethnicity, age, marital status and nationality (as part of recruitment) 

The use of artificial intelligence, robotics and automated decision

We do not currently use AI, robotics or other automated decision making tools that produce legal or similarly significant effects about data subjects.  


We may operate CCTV and other surveillance systems in (and around) our sites which capture images of you. We may be able to identify you from the CCTV data. We will only use this data to prevent, detect, deter and report on crime, to protect our sites and assets from crime, to protect the health and safety of staff and other visitors and/or to assist with criminal investigations and support law enforcement bodies.

We use CCTV systems in this way for our legitimate interests (to prevent and detect crime), to comply with legal or regulatory obligations (to law enforcement bodies) and/or to protect the vital interests of you or other individuals.

What do we do with your data?

The personal data we collect and how we process it depends on our relationship with you. 

Typically, we collect data in these categories:  

•    business to business customers
•    job applicants
•    visitors (to our website, offices, sites or events) 
•    contractors or suppliers
•    property portfolio and infrastructure management 
•    employees

Our Employee Privacy Notice can be accessed by our employees internally.  

How do we collect your personal data? 

In most cases, we’ll collect this information directly from you, for example:

  • when you contact us through our websites, by telephone (including interactive voice response), post, e-mail or any other means

  • when you use our services

  • when you apply for a recruitment opportunity

  • When you take part in a public or customer consultation, survey and research 

We may collect this information from other sources, for example:

  • when we receive your personal data from third parties.

  • when we collect publicly available information about you

How do we keep your personal data safe? 

We take appropriate technical and organisational measures to prevent:

  • unauthorised or unlawful processing of personal data; and 

  • accidental or unlawful loss, alteration or destruction of, or unauthorised, disclosure of or access or damage to, personal data.    

Your personal data is held in secure systems with controlled access and subject to cyber security measures, whether we’re processing it in our offices or sites or working from home. We also apply strict physical security at all our sites and offices.

We only choose third party service providers in line with company protocol, procedures and checks, and when we use them, we disclose only the personal information that is necessary to deliver the service provided. 

All our employees must complete annual data protection training.

How long do we keep your information? 

In line with our Data Retention Policy and Schedules, we take all reasonable steps to retain your information for only as long as is necessary for the provision of our services. We adhere to the appropriate national standards and guidelines regarding data retention, e.g. for financial data.  When we delete your personal data, we do so securely.

With whom do we share your data – and where does it go?

We only share information with third parties if we have a fair and lawful basis to do so, such as when:

  • You’ve given us permission.

  • It’s in our legitimate business interests to do so.

  • A formal court order has been served upon us.

  • We are lawfully required to report certain information to the appropriate authorities, e.g. to prevent fraud or a serious crime.

  • It’s needed for emergency planning reasons, such as for protecting the health and safety of others.

We may use third party organisations to help us provide our services to you and with whom we share data. If so, we have contracts in place with these third parties. This means that they can’t do anything with your personal information unless we’ve instructed them to do it. They won’t share your personal information with any other organisation unless they are instructed by us to do so. They will hold it securely and retain it for the period we instruct. 

Some of the third parties with whom we share your data may be based outside of the United Kingdom and, in some cases, outside the European Economic Area.  In these cases, your data is protected by the special safeguarding measures set out by the data protection legislation i.e. 

  • our contracts with these third parties incorporate the standard contractual clauses adopted by the European Commission and UK authorities for this purpose; or

  • the transfer is protected by the recipient’s binding corporate rule arrangements; or 

  • the recipient is in a country whose data protection laws are deemed by UK/EU authorities to provide adequate safeguard for transferred personal data without the need for additional safeguarding measures to be put in place.

We have published a list of the third parties with whom we share data and from whom we receive data.

What are your data privacy rights?

You have certain legal rights in relation to any personal data about you which we hold.  These rights are summarised below.

  • Informed    
    You can ask for details of how we process your personal data, as covered by this Privacy Notice.

  • Access     
    You can ask for a copy of the information that we hold about you. If possible, you should specify the type of information you’d like to see to ensure that our disclosure is meeting your expectations. We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other customers or staff. Other exemptions may apply dependent on the information and context.

  • Rectification
    You can ask that your personal data be corrected or updated if you believe it is inaccurate or incomplete. Please always check first whether there are any available self-help tools to correct the personal data we process about you. This right only applies to your own personal data. When exercising this right, please be as specific as possible.

  • Erasure
    You may, in certain circumstances be entitled to ask to have your personal data erased (also known as the “right to be forgotten”). We may not be in a position to erase your personal data, if for example, we need it to (i) comply with a legal obligation, or (ii) exercise or defend legal claims

  • Restriction
    You can ask us to stop using your data.  However, in some circumstances this right may not apply, for example, where we have a legal obligation to use the data.  

  • Portability
    This only applies to personal data you have given us. You have the right to ask that we send the information you gave us to you or to another organisation. We must provide the information in a structured, commonly used and machine-readable format.  The right only applies if we are processing the personal data based on your consent or we are under, or in talks about entering into, a contract with you, and where the processing is automated i.e. not paper records.  

  • Objection
    You can request that your personal data is not processed for specific purposes such as profiling.  This right applies where our processing of your personal data is necessary for us to perform a task in the public interest or for our official functions or for our legitimate interests. You can also object to our processing of your personal data for direct marketing purposes.
    If you’d like to opt out of receiving any marketing material from us, please contact us

  • Rights related to automated decision-making including profiling
    You have the right not to be subject to a decision based solely on automated processing of your personal data (ie no human intervention), including profiling, where the decision affects your legal status or rights or where the decision has a similarly significant effect, eg affecting your financial circumstances or employment opportunities.   

In a small number of cases, our processing of your personal data is based on your consent.  In these cases, you have the right to withdraw your consent at any time. If you do decide to withdraw your consent, we’ll stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we’ll let you know. Your withdrawal of your consent won’t impact any of our processing up to that point.

The applicability of some of these rights depends on the legal basis of processing of the data concerned. Some of these rights only apply in specific circumstances and we may not need to fully comply with your request in all cases. 
You may exercise any of these rights free of charge, by contacting us.  We may need to check your identity and may need to ask for more information – it’ll help us to help you if you're as specific in your request as possible. 

We’ll comply with your request within one calendar month (from the time we receive your request, or any additional information we asked for) unless:

  • It's a complex request – in such cases, we’ll respond within the month to inform you of the appropriate response period that will apply to your request (which may be a period of up to three months); or

  • in exceptional circumstances, we would not be able to carry out your request. In these cases, we will inform you of the reason within one calendar month.  

Contact and escalation details:

Contact by email:
For any query related to our use of your personal data or to exercise your data privacy rights, please contact us at:

How to escalate a complaint related to our use of your personal data 
You have the right to lodge a complaint with the Information Commissioner’s Office regarding our use of your data or regarding our data protection practices. 

You have the right to lodge a complaint with the Information Commissioner’s Office regarding our use of your data or regarding our data protection practices.

Please email us first so we have a chance to address your concerns. If we fail to resolve your issue, you can report any complaint to the Information Commissioner’s Office.

bottom of page